Re: Trouble Upgrading Koji to v1.4.0

On 07/15/2010 10:12 AM, Matthew B Treinish wrote:
>
> I've upgraded all of koji including the hub and koji-web. I'm able to
> submit builds and use koji with the CLI the only thing that doesn't work is
> koji-web. I didn't change anything with the configurations from 1.3.2. I
> did run the database schema update script to transition the database schema
> from 1.3 to 1.4.
>
> I've posted the koji-web.conf:
> http://pastebin.com/V8YkX5rD
>
> and kojihub.conf on:
> http://pastebin.com/8t91PNZe
In your kojihub.conf try changing:
PythonOption KojiHubURL https://localhost/kojihub
to:
PythonOption KojiHubURL http://localhost/kojihub
The old ssl config requires client certs to be provided for every
https:// connection, but the web UI only does a full login (including
certs) on certain pages. Using plain http for general access to the hub
should resolve the issue. https will still be used for any actions that
modify state on the hub.

The other option is to update your ssl config.
This involves commenting out SSLVerifyClient and SSLVerifyDepth from
/etc/httpd/conf.d/ssl.conf and moving them into kojihub.conf and
kojiweb.conf.
The new entry in kojihub.conf would look like:
<Location /kojihub/ssllogin>
SSLVerifyClient require
SSLVerifyDepth 10
SSLOptions +StdEnvVars
</Location>
and the new entry in kojiweb.conf would look like:
<Location /koji/login>
SSLVerifyClient require
SSLVerifyDepth 10
SSLOptions +StdEnvVars
</Location>
These replace the existing <Location> entries in these 2 config files.
This configuration has the benefit of only requiring client certificate
exchange at login time, and not for every ssl request. This should
improve performance for daemons and web clients and reduce load on the hub.
Note that this ssl config change is not backward-compatible with
pre-1.4.0 koji clients, so you'll need to make sure all users are using
koji 1.4.0 or greater before making this change, or they will no longer
be able to authenticate via ssl.
Let me know if you run into any issues.